Adobe InDesign CVE-2026-34699

EUVD-2026-35777 · HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-09 · adobe · GHSA-rp93-mmx2-chm6
CVSS 3.1 (NVD): 7.8
Severity by source

NVD (primary): 7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD; NVD is the only scoring source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 09, 2026 - 18:56 (vuln.today)

Description (CVE.org)

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Analysis (AI)

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier is possible when a user opens a maliciously crafted document, triggering a heap-based buffer overflow. The resulting code runs in the context of the logged-in user. The flaw was reported by Adobe; no public exploit was identified at the time of analysis, and no EPSS data is provided.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Craft malicious InDesign document
Delivery: Deliver via email or shared drive
Exploit: Victim opens file in InDesign
Install: Heap buffer overflow triggers in parser
C2: Hijack control flow with crafted heap layout
Execute: Execute arbitrary code as current user
Impact: Access user files and pivot internally

Vulnerability Assessment (AI)

Exploitation
Exploitation requires the victim to manually open a maliciously crafted InDesign document (INDD/INDT/IDML or a related supported file) in a vulnerable build of InDesign Desktop 21.3, 20.5.3 or earlier; the CVSS vector AV:L/UI:R confirms a local attack vector with required user interaction. …

Risk Assessment
The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields a base score of 7.8 (High) and reflects a classic client-side file-open exploitation profile: a local attack vector with required user interaction but no privileges, leading to full confidentiality, integrity and availability impact. …

Exploit Scenario
An attacker emails a designer a malicious InDesign document (e.g., a fake brand-style template or vendor-supplied IDML) and entices them to open it; upon parsing, the heap-based buffer overflow triggers and shellcode executes as the logged-in user, giving the attacker the same access to documents, network shares and saved credentials as the victim. No public exploit was identified at the time of analysis, so the realistic near-term threat is targeted spear-phishing against creative and publishing teams rather than mass campaigns.

Remediation
Apply the vendor-released patch by updating Adobe InDesign Desktop to the fixed version listed in Adobe Security Bulletin APSB26-58 (https://helpx.adobe.com/security/products/indesign/apsb26-58.html) using the Creative Cloud desktop application or the enterprise admin console; the bulletin enumerates the exact fixed builds for the InDesign 2025 (20.x) and 2026 (21.x) tracks. …

Recommended Action (AI)

Within 24 hours: Inventory all InDesign installations and identify systems running versions 21.3, 20.5.3, or earlier; implement intake controls restricting document opening to verified trusted sources only. …


CVE-2026-34699 vulnerability details – vuln.today
